Hi everyone,
I had this issue with MM 2.1.16 and the listname/members?start=(email) URL:
it would display the message "Error: The form lifetime has expired. (request
forgery check)" at the top of the page.
Dug in my archives and found this reference:
On Sun, Nov 11, 2012 at 7:09 PM, Odhiambo Was
Peter Shute writes:
>
> Stephen J. Turnbull wrote:
>
> > The DMARC WG advocates putting list-post in "From" in place
> > of a DMARC p=reject address. I advocate accepting their
> > advice for stock Mailman, and avoiding other non-conforming
> > workarounds until the market demands them
Stephen J. Turnbull wrote:
> The DMARC WG advocates putting list-post in "From" in place
> of a DMARC p=reject address. I advocate accepting their
> advice for stock Mailman, and avoiding other non-conforming
> workarounds until the market demands them. If it gets noisy,
> feel free to cave
Glenn Sieb writes:
> So I updated to 2.1.18-1 today. Now we have a Reply-To that has the
> poster's email and the list's email address.
>
> A few of the lists I run block emails with more than one recipient, so
> now this is going to be an adventure. (Ok, more like a nightmare, as
> right n
Barry Warsaw writes:
> On May 06, 2014, at 02:15 PM, Stephen J. Turnbull wrote:
>
> >No, the point is that a phishing mail with
> >
> >From: Chase Bank Customer Service
> >
> >will sail right past DMARC, as currently set up.
>
> So too will serv...@chase.com.ru without Mailman ever
On May 06, 2014, at 05:17 PM, Glenn Sieb wrote:
>Fair enough. So, basically I'm fsck'd. Set the lists to be
>"anonymous_list" or set an explicit reply-to to be the lists and hope
>that strips out the extraneous reply-to entry.
Yes, and sadly it's forced on us by external policies.
I must admit t
On 05/06/2014 02:52 PM, Russell Clemings wrote:
> Is the existing change (making sure the poster's address is in the
> reply-to) available in a patch? I checked launchpad but if it's there I
> couldn't find it. I'd like to see if I can apply it to 2.1.17 while
> waiting for cPanel to upgrade to 2.1
Is the existing change (making sure the poster's address is in the
reply-to) available in a patch? I checked launchpad but if it's there I
couldn't find it. I'd like to see if I can apply it to 2.1.17 while waiting
for cPanel to upgrade to 2.1.18.
FWIW, I'd vote against a rollback to the earlier b
On 05/06/2014 02:36 PM, Glenn Sieb wrote:
> On 5/6/14, 5:31 PM, Mark Sapiro wrote:
>> I could always add yet another setting, but I hate that idea for
>> multiple reasons.
>>
>
> Can there be an option somewhere in between "anonymous_list" and
> "reply_goes_to_list?" One where it can strip the po
On Tue, 2014-05-06 at 14:31 -0700, Mark Sapiro wrote:
> I am willing to consider changing this, either to treat Reply-To:
> differently for Wrap Message since the original headers are in the
> wrapped message in that case, or to just go back to not adding the
> poster's address to Reply-To: as in m
On 5/6/14, 5:31 PM, Mark Sapiro wrote:
> I went back and forth with this. Initially, if first_strip_reply_to was
> Yes and reply_goes_to_list was This list or Explicit address, I didn't
> put the poster's address in Reply-To:
>
> I finally decided it was of overriding importance to expose the post
On 05/06/2014 02:17 PM, Glenn Sieb wrote:
>
> Fair enough. So, basically I'm fsck'd. Set the lists to be
> "anonymous_list" or set an explicit reply-to to be the lists and hope
> that strips out the extraneous reply-to entry.
I went back and forth with this. Initially, if first_strip_reply_to wa
On 5/6/14, 4:29 PM, Mark Sapiro wrote:
> Do you mean Privacy options... -> Recipient filters ->
> max_num_recipients = 2
>
> If so, ouch, but what do you do now when people reply-all to posts.
> Don't those replies get held?
Indeed. They get rejected. Policy on a couple particular lists. No cc's,
On 05/06/2014 12:47 PM, Glenn Sieb wrote:
>
> So I updated to 2.1.18-1 today. Now we have a Reply-To that has the
> poster's email and the list's email address.
>
> A few of the lists I run block emails with more than one recipient,
Do you mean Privacy options... -> Recipient filters ->
max_num
Greetings...
So I run a bunch of mailing lists, with a bunch of people who are not
technically adept whatsoever. ("I am not getting list posts! "That's
because you set yourself to no mail" "What's no mail?" "It means you set
yourself to be a member of the list, but not to get any email from it."
"
On Tue, May 6, 2014 at 1:37 PM, Mark Sapiro wrote:
> A critical incompatibility between the Mailman 2.1.18 final release and
> Python versions older than 2.6.5 or thereabouts affecting the DMARC Wrap
> Message action was discovered and fixed. This incompatibility also
> existed in the 2.1.16 and 2
On 05/06/2014 10:58 AM, jdd wrote:
> Le 06/05/2014 17:10, Mark Sapiro a écrit :
>
>> There is no problem with gate_news. gate_news says it delivered all 12
>> messages from the news group to the list.
>
> well... where are them?
Actually, I was mistaken. The log messages you posted say only tha
On 05/06/2014 02:04 AM, Henrik Rasmussen wrote:
>
> When I change my templates in /usr/lib/mailman/templates/site/da/ (like
> admlogin.html) I see the changes taking effect (immediately, even though I
> didn't restart Mailman), but any changes I make to the Archive templates
> located in the sa
Le 06/05/2014 17:10, Mark Sapiro a écrit :
There is no problem with gate_news. gate_news says it delivered all 12
messages from the news group to the list.
well... where are them?
What's in Mailman's other logs? Were these posts to news that didn't
come from the list in the first place?
A critical incompatibility between the Mailman 2.1.18 final release and
Python versions older than 2.6.5 or thereabouts affecting the DMARC Wrap
Message action was discovered and fixed. This incompatibility also
existed in the 2.1.16 and 2.1.17 releases.
Thus, I have released Mailman 2.1.18-1 with
"Stephen J. Turnbull" wrote:
No, the point is that a phishing mail with
From: Chase Bank Customer Service
will sail right past DMARC, as currently set up
It will sail past people using modern mail clients, too, by which I include
web mail and Outlook, since those people will see som
On 05/06/2014 06:06 AM, Richard Shetron wrote:
>
> The original lists are old enough to not have been confirmed. The goal
> would be to send a confirmation email to everyone on the list and
> unsubscribe anyone who does not re-confirm within a reasonable time, say
> 1 week.
You would have to do
On 05/05/2014 11:52 PM, jdd wrote:
>
> but posts to the newsgroup do not reach the list
>
> fromusenet logs
>
> May 06 08:43:47 2014 (27035) linux-31: [1..12]
> May 06 08:43:47 2014 (27035) gating linux-31 articles [12..12]
> May 06 08:43:47 2014 (27035) posted to list linux-31: 12
> May 06
On May 06, 2014, at 02:15 PM, Stephen J. Turnbull wrote:
>No, the point is that a phishing mail with
>
>From: Chase Bank Customer Service
>
>will sail right past DMARC, as currently set up.
So too will serv...@chase.com.ru without Mailman ever getting involved, and I
bet that will be just as
That is correct. The lists are current news announcements so only the
list owner posts to the list. The sample headers I got look legit as
far as I can tell. They redacted all the email/destination information
that would id the receiving system/email.
The original lists are old enough to not ha
I understand now, fake warnings for phishing. As for not being taken in, I
haven't yet, but I'm sure it would be possible to create one that I would
assume to be genuine.
Peter Shute
Sent from my iPad
> On 6 May 2014, at 3:15 pm, "Stephen J. Turnbull" wrote:
>
> Peter Shute writes:
>>> On 5
I am running Mailman version 2.1.12.
When I change my templates in /usr/lib/mailman/templates/site/da/ (like
admlogin.html) I see the changes taking effect (immediately, even though I
didn't restart Mailman), but any changes I make to the Archive templates
located in the same directory doesn't
27 matches
Mail list logo
